"""
@Author : 合肥一元数智教育科技有限公司
@Date :  2025/6/11 14:10
@Description : 
 pymysql 实现数据的增删改操作
"""
import pymysql

"""
用户认证   user   username  password
接收用户的输入
查询数据库
给出认证的结果
"""
mysql_connection = pymysql.connect(host='localhost', port=3306, user='root', passwd='root', db='python2512')
cursor = mysql_connection.cursor()
username = input('请输入用户名:')
password = input('请输入密码:')

# sql语句拼接   漏洞 sql注入
# str_sql = 'select * from user where username ="'+username+'" and password = "'+password+'"'
# 参数占位  解决sql注入
str_sql = 'select * from user where username = %s and password = %s '
print(str_sql)
# sql语句预编译    参数不在参与编译操作  避免了歧义的发生  --
row = cursor.execute(str_sql, (username, password))
# 获取数据
user = cursor.fetchone()
if user is None:
    print('用户名或密码错误认证失败')
else:
    print('认证通过')

cursor.close()
mysql_connection.close()
